BuddyPress 12.1.1 is now available. This is a security and maintenance release. Please update your BuddyPress as soon as possible.
The 12.1.1 release addresses the following minor security issue:
- Using the Cover Image group’s REST API Endpoints, it was possible to a non member of private/hidden group to get the corresponding group Cover Image URL. Discovered by Colin Xu.
This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.
BuddyPress 12.1.1 also fixes 10 bugs. For complete details, visit the 12.1.1 changelog.